[libpng17] Added png_ptr->process_mode = PNG_READ_IDAT_MODE in

png_push_read_chunk after recognizing the IDAT chunk, which avoids an infinite loop while reading a datastream whose first IDAT chunk is of zero-length.
2025-07-10 18:04:09 +02:00 · 2014-02-23 10:09:57 -06:00 · 2014-02-23 10:09:57 -06:00 · 713a20c57d
commit 713a20c57d
parent 4526f546ba
3 changed files with 7 additions and 0 deletions
--- a/3
+++ b/3
@ -552,6 +552,9 @@ Version 1.7.0beta32 [February 23, 2014]
    support older Clang versions (Jeremy Sequoia).
  Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
    so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
+  Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
+    after recognizing the IDAT chunk, which avoids an infinite loop while
+    reading a datastream whose first IDAT chunk is of zero-length.

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
--- a/3
+++ b/3
@ -4841,6 +4841,9 @@ Version 1.7.0beta32 [February 23, 2014]
    support older Clang versions (Jeremy Sequoia).
  Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
    so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
+  Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
+    after recognizing the IDAT chunk, which avoids an infinite loop while
+    reading a datastream whose first IDAT chunk is of zero-length.

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
--- a/pngpread.c
+++ b/pngpread.c
@ -234,6 +234,7 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
         png_error(png_ptr, "Missing PLTE before IDAT");

      png_ptr->mode |= PNG_HAVE_IDAT;
+      png_ptr->process_mode = PNG_READ_IDAT_MODE;

      if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
         if (png_ptr->push_length == 0)